Date: 2021-08-24

Razer Synapse is software that lets you customize the buttons and RGB LEDs on Razer peripherals. Widely used by gamers around the world, it is the subject of an easily exploitable security vulnerability. Discovered by @j0nh4t, who detailed the technique on Twitter, it gives access to administrator privileges on Windows simply by plugging in a keyboard or mouse.

Need local admin and have physical access?

– Plug a Razer mouse (or the dongle)

– Windows Update will download and execute RazerInstaller as SYSTEM

– Abuse elevated Explorer to open Powershell with Shift + Right click

Tried contacting @Razer, but no answers. So here’s a freebie pic.twitter.com/xDkl87RCmz

– jonhat (@j0nh4t) August 21, 2021

Indeed, when you connect a Razer device to a PC, Windows offers to install Razer Synapse and launches the executable with SYSTEM privileges. It is then possible to change the software installation folder and, from there, open PowerShell with a few clicks; that PowerShell session also runs with administrator privileges. It is therefore possible to execute any command from the computer …
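
For defenders, the behaviour described above leaves a recognisable process tree: an interactive shell running as SYSTEM that descends from the installer. The following detection sketch is an added example, not code from the article or from Razer; it assumes process-creation events with Sysmon Event ID 1 style field names, a placeholder installer path, and constructed sample events.

```python
import ntpath

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Assumption: the page names the process only as "RazerInstaller".
INSTALLER_PREFIX = "razerinstaller"
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"

# Constructed sample events (not captured logs); paths are placeholders.
SAMPLE_EVENTS = [
    {"ProcessId": 900, "ParentProcessId": 4, "User": SYSTEM_USER,
     "Image": r"C:\Windows\System32\svchost.exe"},
    {"ProcessId": 2000, "ParentProcessId": 900, "User": SYSTEM_USER,
     "Image": r"C:\PLACEHOLDER\RazerInstaller.exe"},
    {"ProcessId": 2100, "ParentProcessId": 2000, "User": SYSTEM_USER,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ProcessId": 2200, "ParentProcessId": 2100, "User": SYSTEM_USER,
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"ProcessId": 3000, "ParentProcessId": 800, "User": "DESKTOP\\alice",
     "Image": r"C:\Windows\explorer.exe"},
    {"ProcessId": 3100, "ParentProcessId": 3000, "User": "DESKTOP\\alice",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ProcessId": 4000, "ParentProcessId": 900, "User": SYSTEM_USER,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

def image_name(event):
    """Lower-cased file name of the process image (Windows path rules)."""
    return ntpath.basename(event["Image"]).lower()

def find_suspicious_shells(events):
    """Return (shell_pid, installer_pid) for SYSTEM shells under the installer."""
    by_pid = {e["ProcessId"]: e for e in events}
    hits = []
    for e in events:
        if image_name(e) not in SHELLS or e["User"].upper() != SYSTEM_USER:
            continue
        # Walk the ancestor chain; 'seen' guards against PID-reuse loops.
        seen = set()
        parent = by_pid.get(e["ParentProcessId"])
        while parent and parent["ProcessId"] not in seen:
            seen.add(parent["ProcessId"])
            if image_name(parent).startswith(INSTALLER_PREFIX):
                hits.append((e["ProcessId"], parent["ProcessId"]))
                break
            parent = by_pid.get(parent["ParentProcessId"])
    return hits

if __name__ == "__main__":
    for shell_pid, installer_pid in find_suspicious_shells(SAMPLE_EVENTS):
        print(f"SYSTEM shell pid={shell_pid} descends from installer pid={installer_pid}")
```

In a real pipeline, key the lookup on Sysmon's ProcessGuid rather than the PID, since PIDs are reused over time.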